Exiled Tibetan Leaders Decry Malware Attack

April 6, 2009

By Ashwini Bhatia
AP
April 5, 2009

A series of computer viruses -- some of which can
literally eavesdrop on victims by turning on
webcams and microphones automatically -- appears
to be targeting Tibet's government-in-exile,
based in India. Evidence points to China as the
main source of the attack, though no smoking gun has been found.

Tibet's government-in-exile denounced a cyber-spy
network last week for hacking into the
organization's computers, while a scholar said
the sophisticated operation may have helped
identify those inside Tibet who speak to exile groups.

The exiled Tibetans were commenting on reports by
a Canadian research group that the network, based
mainly in China, hacked into classified documents
from government and private organizations in 103
countries, including the computers of the Dalai Lama and Tibetan exiles.

"We are told that much of these viruses originate
in China. We do not know if the Chinese
government has any part in such activities," said
Thupten Samphel, the official spokesperson of the Tibetan government-in-exile.

Evidence Points to China, No Smoking Gun

The Dalai Lama, Tibet's exiled spiritual leader,
once presided over a theocratic government but
fled to India 50 years ago when China quashed an
uprising, placing the Himalayan region under
Beijing's direct rule. He and the Tibetan
government-in-exile are based in Dharmsala, a
town in northern India. China says Tibet has been
part of its territory for centuries.

The Canadian research group said on Saturday that
while its analysis pointed to China as the main
source of the network, it has not been able to
conclusively determine the identity or motivation of the hackers.

The work of the Information Warfare Monitor
initially focused on allegations of Chinese cyber
espionage against the Tibetan exile community and
eventually led to a much wider network of
compromised machines, the Internet-based group said.

Tenzin Khedup, who manages the Tibetan
government-in-exile's official Web site
www.tibet.net, said on Monday that the hackers
had access to the password for the government's server.

"They insert some code to our site which
distributes a virus to whoever visits our site,"
he said. "Every two days our password gets known, and we have to change it."

A/V Spyware

Robert Barnett, director of the Modern Tibetan
Studies Program at Columbia University in New
York, said that those in the Tibet program there
have been getting emails from people pretending
to be Tibetans for about 18 months.

"I get these once every one or two weeks," he
said. "They're from names I know, giving their
real addresses and referring in the content to
other Tibetans I know in intimate terms."

Barnett said the emails have become more
sophisticated and untraceable over time.

"What's news is that these people had the
capacity to capture audio and video on anything
in a room with these computers," he said, citing
findings in the Canadian report.

Barnett said the hackers use spyware to identify
sources inside Tibet who talk to foreign scholars and exiled Tibetans.

"They are put at risk. That's the main concern," he said.

He said the operation's sophistication made it
unlikely that the source was merely disgruntled
nationalists among the Chinese public who are
angry about Tibetan exiles demanding independence.

"It looks like something very specific and is
about getting information," he said.